Versions Compared

Old Version 10

changes.mady.by.user Siyao Meng

Saved on

compared with

New Version 11

changes.mady.by.user Siyao Meng

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Compare with my fork (rebased, CI in progress, will be pushed to upstream once CI passed): https://github.com/apache/ozone/compare/HDDS-4944...smengcl:HDDS-4944

...

Requirements to enable S3 multi-tenancy:

  1. Use Apache Ranger
  2. Enable Ozone security and use Kerberos authentication

...

To enable multi-tenancy with Ranger Java client (

Jira
serverASF JIRA
serverId5aa69414-a9e9-3523-82ec-879b028fb15b
keyHDDS-5836
), clear text Ranger admin user name and password will no longer be necessary. Rather it the Ranger Java client (re)uses the existing OM Kerberos keytab and principal and keytab config. Therefore only two config keys are necessary to enable the feature:

Code Block
languagexml
<property>
   <name>ozone.om.multitenancy.enabled</name>
   <value>true</value>
</property>
<property>
	<name>ozone.om.ranger.https-address</name>
	<value>https://RANGER_HOST:6182</value>
</property>
<property>
	<name>ozone

`ozone.om.

...

kerberos.principal` and `ozone.om.

...

kerberos.

...

keytab.file` should have been configured already.


1. builds/intermittent test failures

...